Linux and LDAP

coliver

I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us setup that environment.

stacksofplates

@coliver said:

I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us setup that environment.

I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

coliver

@johnhooks said:

@coliver said:

I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us setup that environment.

I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

Right Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

scottalanmiller

@johnhooks said:

I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

You would use Kerberos and LDAP but not Samba of any version. Samba does "Windows services", SMB protocol and AD. If you don't have Windows, you don't touch Samba. Samba is not the Kerberos or LDAP supplier, it's literally only for talking to Windows.

scottalanmiller

@coliver said:

@johnhooks said:

@coliver said:

I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us setup that environment.

I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

Right Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

Samba4 takes Kerberos and LDAP and sets them up in an AD way. AD is just specialized Kerberos and LDAP packaged together and ready to go.

coliver

@scottalanmiller said:

@coliver said:

@johnhooks said:

@coliver said:

I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us setup that environment.

I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

Right Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

Samba4 takes Kerberos and LDAP and sets them up in an AD way. AD is just specialized Kerberos and LDAP packaged together and ready to go.

Yep, hence the "drop-in" replacement for AD.

scottalanmiller

@coliver said:

Yep, hence the "drop-in" replacement for AD.

Just want to make sure that everyone reading understands that Samba4 does one very specific version and setup for Kerberos and LDAP while on UNIX there are many options for how to do that both in setup as well as in products. Although I'd guess 99% of UNIX people just use OpenLDAP.

dafyre

@scottalanmiller said:

Although I'd guess 99% of UNIX people just use OpenLDAP.

If you are in a 100% *nix environment, then that would make sense... No need for Samba4/Active Directory unless you are primarily a Windows shop.

scottalanmiller

Windows or Mac. Even though Mac is 100% UNIX, it has so much built in SMB and AD support, you would use it for that potentially too.

Reid Cooper

OpenLDAP is what the average Linux shop is going to turn to when looking to implement an "AD like" authentication mechanism when no Windows is involved.